dordorkins

Help! Computer freeze with redirect viruses / rootkit!

4 posts in this topic

Hi.

I've been experiencing a rootkit virus for a while now, just haven't gotten to the time to actually get rid of it till now.

I've scanned with RougeKiller.. my two scans are listed below.

Help would be appreciated, thank you. :)

ROGUE KILLER SCAN 1:

RogueKiller V8.5.1 _x64_ [Feb 12 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 64 bits version

Started in : Normal mode

User : DorothyN [Admin rights]

Mode : Scan -- Date : 03/02/2013 09:56:01

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 11 ¤¤¤

[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND

[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND

[HJPOL] HKCU\[...]\System : DisableCMD (0) -> FOUND

[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> FOUND

[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND

[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND

[HJ DESK] HKCU\[...]\NewStartPanel : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND

[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD642JJ ATA Device +++++

--- User ---

[MBR] b6a50cad35c21f5d88752030e4c2267a

[bSP] 2f8722f9a86f009208ae8241a82a3fe9 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 595439 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_03022013_02d0956.txt >>

RKreport[1]_S_03022013_02d0956.txt

____________________

ROGUE KILLER DELETE:

RogueKiller V8.5.1 _x64_ [Feb 12 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 64 bits version

Started in : Normal mode

User : DorothyN [Admin rights]

Mode : Remove -- Date : 03/02/2013 10:12:20

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 9 ¤¤¤

[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED

[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED

[HJPOL] HKCU\[...]\System : DisableCMD (0) -> DELETED

[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> REPLACED (0)

[HJ DESK] HKCU\[...]\NewStartPanel : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> REPLACED (0)

[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD642JJ ATA Device +++++

--- User ---

[MBR] b6a50cad35c21f5d88752030e4c2267a

[bSP] 2f8722f9a86f009208ae8241a82a3fe9 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 595439 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[2]_D_03022013_02d1012.txt >>

RKreport[1]_S_03022013_02d0956.txt ; RKreport[2]_D_03022013_02d1012.txt

________________________________

Share this post


Link to post
Share on other sites

Hello and welcome, dordorkins: :)

We can't review scan logs or work on malware diagnostics and removal in this sub-section of the forum.

So, for expert help, please follow the recommendations in this sticky topic: Available Assistance For Possibly Infected Computers.

One of the qualified helpers will guide you through the cleaning process.

Thanks,

daledoc1

Share this post


Link to post
Share on other sites

Thanks.

I'm sorry, new here! :(

If you could, you can close this

xoxo.

Share this post


Link to post
Share on other sites

That's OK. :)

Newcomers often post first in this section with malware issues.

Good luck,

daledoc1

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.